Posts: 458 +4

When Mark Zuckerberg publicly asked governments to regulate tech firms, he probably didn't have personal accountability in mind. For all the talk about a more privacy-focused Facebook, the CEO has little to show for it. The most recent development has been a meeting with several White House officials to discuss internet regulation and antitrust issues. However, when pressed by senators on the issues of privacy, he offered vague responses that the company is still in the process of figuring that out.

Now, Oregon Senator Ron Wyden is pushing for regulation that could hold tech company executives personally responsible for failing to protect user privacy and security on their respective platforms. The new privacy bill is suggestively called the "Mind Your Own Business Act," and builds on top of a previous draft from last year.

If it passes, the new legislation would give the Federal Trade Commission more effective tools to battle tech giants that violate data privacy laws. Specifically, it would give it the authority to set minimum privacy and security standards that companies have to follow, and to issue heavier fines of up to four percent of annual revenue on the first offense.

This comes after the FTC was criticized for the relatively mild punishments applied to companies like Facebook, Equifax, and YouTube. In the case of Facebook, the result of the $5 billion fine was that the value of the company increased by $10 billion, which is arguably not how punishment is supposed to work.

For executives that knowingly lie to the FTC, there would be harsh punishments - between 10 and 20 years of jail time. Their companies would also be forced to pay a tax based on their salary. Wyden said in a statement that "Mark Zuckerberg won’t take Americans’ privacy seriously unless he feels personal consequences."

Wyden also believes the bill at the very least would provide the same protections as Europe's General Data Protection Regulation. Consumers could get a one-click way to opt out of sharing their personal information and companies would have to offer clear explanations of how they use and share that information.

For companies that own social platforms like Twitter and Facebook, they would have to provide "privacy-friendly" versions of their services for a reasonable fee. The bill would also extend the FCC's Lifeline program to ensure those privacy-focused versions would also be accessible to low-income consumers.

As with previous privacy bills that have been proposed over the last few years, the Mind Your Own Business Act has to gain bipartisan support. It's worth noting that Wyden's bill would not preempt states from making their own privacy regulations, so there's one less source of conflict to worry about.

Posts: 6,950 +5,233

"Could go" and WILL go are two very distant things. It will only be helpful if there are NO exceptions and it's leveled evenhandedly. A far better approach would be for all of these social media companies to have to follow Publisher rules and laws. That makes the responsibility for their content ... which would drive Zuck up the wall ..... hey, I like it, let's do it!

Posts: 221 +198

Posts: 1,191 +726

I'm not keen on the jail time being a minimum of 10 years. That could be manipulated to falsely remove a CEO and lead to all sorts of corruption. Small jail terms (such as 30 days in an actual jail) along with a heavy fine based on a percentage of revenues should be enough of a stick.

Posts: 5,133 +3,224

Posts: 5,133 +3,224

I'm not keen on the jail time being a minimum of 10 years. That could be manipulated to falsely remove a CEO and lead to all sorts of corruption. Small jail terms (such as 30 days in an actual jail) along with a heavy fine based on a percentage of revenues should be enough of a stick.

If the justice system in the US works the way it does for other offenses, then a first offense conviction is unlikely, IMO, to result in a 10-year prison sentence. If the minimum jail term were 30-days, then certainly CEOs would get a taste of prison time that they are unlikely to want to repeat, IMO.

However, for some, it may be a badge of honor and there exists the possibility of repeat offenses because of the lenient term. Any punishment, IMO, has to have some meat in it. 4% of annual revenue is steep, but if the result is that the company worth goes up as a result of the punishment, then its not steep enough, at least as I see it.

The cost to these companies so far has been little more than a damaged reputation. I have to wonder whether anyone has tried to characterize the cost to individuals and the economy. Such costs may very well be far greater than the cost to the companies. As I see it, perhaps a better punishment would be a fine based on the total cost to consumers and the economy. Literally, data breaches like that of Equifax have the potential to destroy the lives individuals affected. IMO, CEOs will only pay attention if the punishment has the same or similar potential to destroy their lives as it does the lives of their customers.

As I see it, this is a start. If the bill passes and becomes law, I hope it retains a substantial set of teeth and bite.

Posts: 5,133 +3,224

The link to the revised bill in the article is an interesting read. While the link mentions fakebook explicitly, the language when referring to companies is general and does not mention any specific companies. Its wording would appear to mean that any and all companies that collect data on their customers with the intent of selling it must obtain specific permission from the affected customers to do so.

@nanoguy While the article title is technically correct, IMO it is misleading in the sense that it seems to imply big tech companies only. The wording at Wyden's site seems to imply all companies are within the scope of the bill.

Posts: 176 +94

I'm not keen on the jail time being a minimum of 10 years. That could be manipulated to falsely remove a CEO and lead to all sorts of corruption. Small jail terms (such as 30 days in an actual jail) along with a heavy fine based on a percentage of revenues should be enough of a stick.

Posts: 193 +70

Posts: 5,133 +3,224

I have just had an unauthorized purchase at crApple. I investigated this to make sure that myself and my wife were not having senior moments, and sure enough, we were not.

So I contacted crApple and all they did was regurgitate their directions for investigating purchases like this. Anyone familiar with crApple's procedure knows that they ask you to look at your purchase history. Sorry, crApple nothing there.

After this particular incident and having had similar occurrences with other online giants, I would like to see something added to the bill that ensures companies will compensate those who's data has been compromised for the time, effort, and economic costs that might be associated with trying to straighten out messes like this.

While these incidents did not result in substantial economic losses, some security breaches can result in outright identity theft. It is my understanding that sometimes, clearing up identity theft can take months and significant amounts of money.

Companies and their leaders need to own up to their own mistakes and need to be held accountable for any and all costs associated with data breaches.